In the previous Part 1 post, I discussed the initial response, risk, and mitigations for the recently disclosed zero-day Oracle Java vulnerabilities that attackers have used in attacks against vulnerable end-user systems. Since then, Oracle has released software updates that correct the original flaw documented in IntelliShield alert 26751, as well as additional vulnerabilities documented in IntelliShield alert 26831.
Attacks leveraging the Java vulnerabilities have increased, with reports indicating that tens of thousands of systems have been compromised. The malicious software toolkit BlackHole, documented in IntelliShield alert 25108, has incorporated the previously reported Metasploit exploit and can be used to build exploits for use in attacks. Observed exploits have installed the Poison Ivy remote access trojan; once Poison Ivy is installed on a vulnerable system, it may in turn be used to download and install other malicious software.
Tags: java, java security, Oracle, security, vulnerabilities
A few weeks ago I had the pleasure of participating, as a guest speaker, in a webinar titled “Targeted Attack, Targeted Response: Designing and Implementing an IR Plan That Works.” Joe Riggins, Senior Director of Incident Response for HBGary, moderated this Q&A-format webinar. We discussed the current incident response (IR) challenges companies are facing, as well as specific steps organizations can take to design, test, and successfully implement an ongoing IR plan for their specific business environment.
The webinar recording can be accessed here.
Tags: incident response, security
The Cisco Intrusion Prevention System (IPS) includes Global Correlation capabilities that utilize real-world data from Cisco Security Intelligence Operations (SIO). We have seen on this blog before how IPS Global Correlation can be used to detect and validate the urgency of emergent threats as well as allow our team to hone the protection capabilities of our IPS Sensors.
Perhaps more fundamentally, however, Global Correlation allows Cisco IPS Sensors to filter network traffic using the “reputation” of a packet’s source IP address. The reputation of an IP address is computed by Cisco SensorBase from the past actions of that IP address. IP reputation has been an effective means of predicting the trustworthiness of current and future behavior from an IP address.
Our team has recently published a new white paper that explores the benefits of IPS Global Correlation and how they relate to various IPS deployment scenarios. I would like to share a couple of items from the white paper and encourage you to read it for more information.
Tags: global correlation, IPS, security, sio
Security researchers discovered a Java vulnerability (documented in IntelliShield alert 26751) that attackers are using to install malicious software on victims’ systems. No software updates are available that correct the vulnerability. (Updates are now available; see Part 2 of this blog.) The attacks are currently limited in nature, and there have been few reports of attacks that rely on the vulnerability. Now that Metasploit has developed a functional exploit, continued attacks that leverage this vulnerability become more likely as time goes on. US-CERT has issued a related vulnerability note. Administrators can monitor this and other ongoing activity at the Cisco Security Intelligence Operations portal.
It is not yet clear what attackers hope to gain from the attacks observed in the wild, and goals may differ between individual attacks. Current exploits appear to install a malicious software dropper that may install other malicious software, but to what end is unknown. Attackers may attempt to install malicious software that monitors keyboard input and network communication, hoping to obtain user credentials either for external resources, to aid in fraudulent activity, or for access to other internal systems within the targeted site.
Tags: client side attacks, java, java security, security
By Bryan Mobley, Director, IBSG Service Provider practice
Service providers continue to struggle to monetize the tsunami of data traffic flooding their networks from consumers and business customers alike. While data traffic is growing exponentially, revenue is relatively flat. In engagements with major service providers and global enterprises, Cisco’s Internet Business Solutions Group (IBSG) has uncovered potential ways for service providers to generate additional revenue by helping software-as-a-service (SaaS) providers deliver a better experience to their enterprise customers. This blog describes one way service providers can participate in a SaaS market estimated to reach $30 billion by 2013. Forrester Research predicts that by 2015 the SaaS market will exceed $78 billion, representing more than 80 percent of the global public cloud market.
Security Concerns Can Limit SaaS Benefits
Many large enterprises today have embraced SaaS as a way to …
Tags: Cisco, Enterprise, IBSG, Public Cloud, SaaS, security, Service Provider